Data Privacy Legislation Introduced by Washington State

On January 17, 2019, the Washington state Senate proposed the Washington Privacy Act (WPA). The Act proposes data privacy regulations that would require companies to protect consumer “personal data,” mirroring provisions of the European Union’s General Data Protection Regulation (GDPR). This proposal comes on the heels of the California Consumer Privacy Act, which will be enacted on January 1, 2020.

Steps Towards Data Privacy

The WPA has the potential to be one of the most privacy-protected acts in the United States to date. If passed, it would limit the jurisdictional scope of the law for companies that conduct business in Washington or produce products/services used in the state. These companies must also 1) process data of 100,000 or more customers or 2) earn 50% or more of gross revenue for selling consumer personal data and control the data of at least 25,000 of these consumers.

The WPA would require companies in possession of data to be transparent and accountable as they process consumer information. This includes updating privacy policies to acknowledge the categories of personal data collected and the purpose for which the data is used. Additionally, these policies must include the rights consumers can exercise pursuant to the WPA, the categories of personal information that companies share with third parties, and the categories of third parties that the company shares data with. Further, Section 6 of the WPA highlights the rights of Washington consumers, which can be found here.

The act will be enforced by the attorney general’s office, and a violation of the WPA would be treated as a deceptive act in trade or commerce.